Skip to content

Update CodeQL to 2.9.4 #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Sep 9, 2022
Merged

Update CodeQL to 2.9.4 #77

merged 11 commits into from
Sep 9, 2022

Conversation

mbaluda
Copy link
Contributor

@mbaluda mbaluda commented Sep 2, 2022
edited
Loading

Description

Updates CodeQL to version 2.9.4
Fixes compatibility issues in rules A7-3-1, A8-5-3, M0-1-4.

Details:

  • Updates the supported toolset to 2.9.4. The 2.7.6 release that we were already on has a blocking bug in the C++ standard library pack and does not have the isBraced predicate mentioned below.
  • Fixes a test expectation file based on changes in the set of reported paths for one path-problem query due to changes in the standard dataflow library.
  • In A7-3-1, more accurate locations for names in using-declarations are now reported.
  • In A8-5-3, after the CodeQL update, int was emitted as the type for x in auto x{1}, and not std::initializer_list. To address this, an isBraced predicate was added to the Initialization class of the CodeQL C++ library. This PR switches A8-5-3 over to use that predicate. This also addresses a false positive that could occur, where no braced initialization was used, but where the inferred type for auto was std::initializer_list.
  • In M0-1-4, SingleUsePODVariable.ql, we were including compiler-generated accesses to the variable when computing the number of uses. This caused new false negatives with the latest C++ extractor, because more compiler-generated constructors, assignment operators, etc. are now present in the database. The intent of the rule is clearly to count user-written uses, so the rule has been updated to ignore compiler-generated uses.
  • Fix performance issues in A0-1-5, A10-2-1 and M10-2-1

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql, .qll, .qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • A7-3-1
    • A8-5-3
    • M0-1-4.

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with the style guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

@mbaluda mbaluda self-assigned this Sep 2, 2022
@mbaluda mbaluda mentioned this pull request Sep 2, 2022
Closed
29 tasks
@mbaluda mbaluda marked this pull request as ready for review September 5, 2022 15:17
@mbaluda mbaluda requested a review from rvermeulen September 5, 2022 15:17
@mbaluda
Copy link
Contributor Author

mbaluda commented Sep 7, 2022

The update introduces performance issues for rules A0-1-5 and M10-2-1

jketema
jketema reviewed Sep 8, 2022
View reviewed changes
@mbaluda
Copy link
Contributor Author

mbaluda commented Sep 8, 2022

The performance issues are now fixed.
The "Test Release" workflow completes succesfully:
https://github.com/github/codeql-coding-standards-release-engineering/actions/runs/3014459808

@mbaluda mbaluda requested a review from jsinglet September 8, 2022 13:04
@jsinglet
Copy link
Contributor

jsinglet commented Sep 9, 2022
edited
Loading

@mbaluda and @jketema you can view the performance impact by reviewing this PR: https://github.com/github/codeql-coding-standards-release-engineering/pull/22

Specifically, the performance improvement looks to be excellent! 🎉

Some examples:

jsinglet
jsinglet approved these changes Sep 9, 2022
View reviewed changes
Copy link
Contributor

@jsinglet jsinglet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks for all of this hard work! Note that this will not be releasable until the automation on the release engineering side is updated to dynamically pull the codeql bundle from the embedded supported_configs.json

@mbaluda mbaluda merged commit 9a23aba into main Sep 9, 2022
@mbaluda mbaluda deleted the mbaluda/ql2.9.4 branch September 9, 2022 17:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jketema jketema jketema left review comments

@jsinglet jsinglet jsinglet approved these changes

@rvermeulen rvermeulen Awaiting requested review from rvermeulen

Assignees

@mbaluda mbaluda

Labels
None yet
Projects
Coding Standards Public Development Board
Status: No status
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mbaluda @jsinglet @jketema